In the two previous parts of “File Server Security” (1-2), we looked at ways for you to physically secure your files servers, making it more difficult for perps to get physical access to your servers and the data, but if they still would, we would surely make them sweat a little bit before they could “enjoy” it.

We also looked at ways to minimize the attack surface by utilizing firewalls, avoiding internet connections, getting rid of unnecessary software, stopping services, malware protection and so on…

In this third and final part of “File Server Security”, we will put the final touch on our file server security recipe, for now…

In the first part of File Server security we covered the importance of physically protecting our file servers, preventing evil predators from putting their filthy hands on our physical hardware, trying to get access to sensitive data.

If someone would simply walk into a server room, or datacenters, grab one of the file servers and make a run for it, that would surely make physical security look a bit sloppy, don’t you think?

But now that we hopefully have that area under control, let’s look at a few more ways to make it harder for the evil forces to get access to our data.

Do you remember the days when you stored everything on a file server? I’m not talking about a fancy cluster, blade server, or a virtual machine, just that one boxy piece of metal collecting dust in the corner of the cold and noisy server room?

Well, that server might still be around you know! You may not recognize it since it’s been through a few facelifts, tune-up’s, personality changes and lost a few pounds, but it’s still there though, probably with the same name and ip-address too…

Problem is that through all these external and internal changes, one important thing was forgotten – Self-defense skills! Chuck Norris was too busy.

But it should be OK right? Nothing has happened in the last 15 years, we’ll deal with it when we’re less busy…

“Mr. Grondahl, this is Jennifer from American Express, you wouldn’t happen to be in Kuala Lumpur, Malaysia, would you? We believe someone is using your credit card there right now”

“Thank you for your call Jennifer, I wish I was in Kuala Lumpur, but unfortunately no, I’m not”

“OK, that’s what we suspected, so we already put a hold on your credit card”

“The charges made to the card will be revoked, and we will send you a new card within 2 business days”

These guys stay on top of it for sure, got to love them for that. I’ve even received a phone call from a credit card company when trying to use my card at a gas station about 4 hours north from where I live, the neighborhood that I had to stop in was not in the best area of town, but I was pretty much flying on fumes, so not a whole lot of options there. Also, didn’t want to risk being late for my Iron Maiden concert…

So how is it that some shady people get a hold of, and try to use your credit card information?

If you have been to a doctor’s office, or a hospital within the last decade, you have probably noticed that unless you’re in a very rural area of the world, you rarely see anyone handling paper journals or records anymore. They log on to the terminal in the visiting room, fill out your information and check your records. And you wouldn’t expect anything less, since we do live in a digitalized world, right?

All organizations constantly worry about external attackers, but truth to be told is that most threats these days come from malicious insiders. This is something that most organizations are not prepared to handle.

That insider could be your trusted colleague sitting across the desk from you, and that person may or may not even know he or she is a threat.

Monday morning 8:15, you start feeling that weird sense of guilt and nervousness, you feel the beads of sweat forming on your forehead, 15 minutes left before the auditor arrives…

You ask yourself – “How long could this possibly take? What are they looking for? What if I can’t provide the answers to all their questions? Should I look for a plane ticket to a faraway country where they don’t have an extradition treaty?”